﻿//using Constants;
//using ELF.Permissions;
//using Microsoft.AspNetCore.Authorization;
//using Microsoft.AspNetCore.Authorization.Policy;

//namespace ELF.Gateway.Permissions
//{
//    public class SampleAuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
//    {
//        static readonly IReadOnlyList<string> AllowUrls = ["Earth", "Mars", "Jupiter"];
//        private readonly AuthorizationMiddlewareResultHandler defaultHandler = new();
//        private readonly IConfiguration configuration;
//        private readonly IPermissionsService permissionsService;

//        public SampleAuthorizationMiddlewareResultHandler(IConfiguration configuration, IPermissionsService permissionsService)
//        {
//            this.configuration = configuration;
//            this.permissionsService = permissionsService;
//        }

//        public async Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
//        {
//            if (context.User.Identity?.IsAuthenticated == true)
//            {
//                var userIdValue = context.User.FindFirst(UserConsts.UserIdKey)?.Value;
//                if (string.IsNullOrEmpty(userIdValue) || !long.TryParse(userIdValue, out var userId))
//                {
//                    // 未登录，直接拒绝访问
//                    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
//                    return;
//                }

//                var userName = context.User.FindFirst(UserConsts.UserNameKey)?.Value;
//                if (userName == UserConsts.AdminUserName)
//                {
//                    // 如果是管理员，则直接允许访问
//                    await defaultHandler.HandleAsync(next, context, policy, authorizeResult);
//                    return;
//                }

//                // 从路由元数据中获取权限标识
//                var endpoint = context.Request.Path.Value;
//                if (AllowUrls.Contains(endpoint))
//                {
//                    // 白名单，直接允许访问
//                    await defaultHandler.HandleAsync(next, context, policy, authorizeResult);
//                    return;
//                }

//                var authUrl = configuration["OpenIddict:Issuer"] ?? throw new InvalidOperationException("OpenIddict:Issuer is not configured.");
//                // 调用权限中心验证
//                var success = await permissionsService.AuthenticateAsync(userIdValue, authUrl);
//                if (success)
//                {
//                    await defaultHandler.HandleAsync(next, context, policy, authorizeResult);
//                    return;
//                }
//                else
//                {
//                    // 未登录，直接拒绝访问
//                    context.Response.StatusCode = StatusCodes.Status403Forbidden;
//                    return;
//                }
//            }

//            await defaultHandler.HandleAsync(next, context, policy, authorizeResult);
//        }
//    }
//}
